Pascal Birchler

6 exploits Active since May 2017
CVE-2017-9061 WRITEUP MEDIUM WRITEUP
WordPress < 4.7.5 - Cross-Site Scripting via Large File Upload Error Message
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
CVSS 6.1
CVE-2017-9062 WRITEUP HIGH WRITEUP
WordPress < 4.7.5 - Cross-Site Request Forgery via XML-RPC API
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVSS 8.6
CVE-2017-9065 WRITEUP HIGH WRITEUP
WordPress < 4.7.5 - Unauthenticated Post Meta Data Access via XML-RPC API
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
CVSS 7.5
CVE-2017-9066 WRITEUP HIGH WRITEUP
WordPress < 4.7.4 - Server-Side Request Forgery via HTTP Redirect Validation
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
CVSS 8.6
CVE-2022-3708 WRITEUP CRITICAL WRITEUP
Web Stories < 1.24.0 - Authenticated Server-Side Request Forgery via Hotlink Proxy REST API
The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS 9.6
CVE-2023-1979 WRITEUP MEDIUM WRITEUP
Web Stories for WordPress - Privilege Escalation
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit  ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68
CVSS 4.9